<?php

/**
 * Admin back-end shared initialisation file
 */

// Refuse direct requests: this file may only be pulled in by an entry script
// that has already defined IN_ECS.
defined('IN_ECS') or die('Hacking attempt');

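// Mark this request as coming from the admin side; shared includes branch on it.
define('ECS_ADMIN', true);

error_reporting(E_ALL);

if (__FILE__ == '')
{
	die('Fatal error code: 0');
}

@ini_set('memory_limit', '64M');
@ini_set('session.cache_expire', 180);
@ini_set('session.use_trans_sid', 0);
@ini_set('session.use_cookies', 1);
@ini_set('session.auto_start', 0);
// NOTE(review): display_errors=1 shows paths and SQL fragments to anyone who
// can reach an admin URL, and authentication only happens further down this
// file. Consider gating this on DEBUG_MODE (defined below) for production.
@ini_set('display_errors', 1);

// Database / site settings. These paths are relative to the admin directory,
// i.e. the working directory of the admin script that included us.
if (file_exists('../data/config.php'))
{
	include('../data/config.php');
}
else
{
	include('../includes/config.php');
}

// config.php may rename the admin directory; default to 'admin'.
if (!defined('ADMIN_PATH'))
{
	define('ADMIN_PATH', 'admin');
}

// Shop root directory: this file's path (normalised to forward slashes) with
// "<ADMIN_PATH>/includes/init.php" stripped off.
define('ROOT_PATH', str_replace(ADMIN_PATH . '/includes/init.php', '', str_replace('\\', '/', __FILE__)));

// Fix: the original configured include_path before ROOT_PATH was defined, so
// the constant resolved to the literal string 'ROOT_PATH' (or threw on PHP 8).
// PATH_SEPARATOR is ';' on Windows and ':' elsewhere, matching the old
// DIRECTORY_SEPARATOR switch.
@ini_set('include_path', '.' . PATH_SEPARATOR . ROOT_PATH);

if (!defined('DEBUG_MODE'))
{
	define('DEBUG_MODE', 0);
}

// $timezone comes from config.php. version_compare() replaces the original
// string comparison (PHP_VERSION >= '5.1'), which misorders two-digit majors.
if (!empty($timezone) && version_compare(PHP_VERSION, '5.1', '>='))
{
	date_default_timezone_set($timezone);
}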

// Path of the running script, used for self-references and to pick the
// per-script language file. Prefer PHP_SELF (which may carry path info; that
// case is rejected later in this file) and fall back to SCRIPT_NAME on SAPIs
// that do not provide it.
define('PHP_SELF', isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);

require(ROOT_PATH . 'includes/inc_constant.php');
require(ROOT_PATH . 'includes/cls_ecshop.php');
require(ROOT_PATH . 'includes/cls_error.php');
require(ROOT_PATH . 'includes/lib_time.php');
require(ROOT_PATH . 'includes/lib_base.php');
require(ROOT_PATH . 'includes/lib_common.php');
require(ROOT_PATH . ADMIN_PATH .'/includes/lib_main.php');
require(ROOT_PATH . ADMIN_PATH .'/includes/cls_exchange.php');

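// Legacy input escaping. The query builders in this code base expect request
// data to be addslashes()-escaped, as magic_quotes_gpc used to do. Emulate it
// when the setting is off -- or when the function no longer exists: it was
// removed in PHP 8, where the original unguarded call is a fatal error.
// NOTE(review): addslashes-based escaping is not a substitute for
// parameterised queries; it is kept only because the rest of the code relies
// on it.
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())
{
	if (!empty($_GET))
	{
		$_GET = addslashes_deep($_GET);
	}
	if (!empty($_POST))
	{
		$_POST = addslashes_deep($_POST);
	}

	$_COOKIE = addslashes_deep($_COOKIE);
	$_REQUEST = addslashes_deep($_REQUEST);
}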

// Reject path-info style URLs (".../script.php/extra") by redirecting to the
// bare script, so that anything derived from PHP_SELF is a plain script name.
$ecs_pathinfo_pos = strpos(PHP_SELF, '.php/');
if ($ecs_pathinfo_pos !== false)
{
	ecs_header('Location:' . substr(PHP_SELF, 0, $ecs_pathinfo_pos + 4) . "\n");
	exit;
}
unset($ecs_pathinfo_pos);

// Core application object; provides table-name prefixing ($ecs->table()) and
// the data/image directory names used below.
$ecs = new ECS($db_name,$prefix);

define('DATA_DIR',$ecs->data_dir());
define('IMAGE_DIR',$ecs->image_dir());

require(ROOT_PATH . 'includes/cls_mysql.php');
$db = new cls_mysql($db_host, $db_user, $db_pass,$db_name);
// Drop the database credentials from global scope once connected so later
// includes (or any debug dump) cannot see them.
$db_host = $db_user = $db_pass = $db_name = NULL;

// Renderer for error/notice pages.
$err = new ecs_error('message.html');

// Database-backed session store; the admin session cookie is named ECSCP_ID
// (distinct from the ECSCP[...] remember-me cookies checked further down).
require(ROOT_PATH . 'includes/cls_session.php');
$sess = new cls_session($db, $ecs->table('sessions'), $ecs->table('sessions_data'),'ECSCP_ID');

// Normalise the requested action: absent -> ''. The login/logout/signin
// actions are only honoured on privilege.php; on any other script they are
// blanked so the request is treated as an ordinary, protected one.
if (!isset($_REQUEST['act']))
{
	$_REQUEST['act'] = '';
}
else
{
	$ecs_auth_acts = array('login', 'logout', 'signin');
	if (in_array($_REQUEST['act'], $ecs_auth_acts, true) && strpos(PHP_SELF, '/privilege.php') === false)
	{
		$_REQUEST['act'] = '';
	}
	unset($ecs_auth_acts);
}

// Site configuration, needed from here on.
$_CFG = load_config();

// Captcha image endpoint: emit the image and stop before any template or
// authentication work, so the login page can fetch it unauthenticated.
if ($_REQUEST['act'] === 'captcha')
{
	include(ROOT_PATH . 'includes/cls_captcha.php');
	$img = new captcha('../data/captcha/');
	@ob_end_clean();
	$img->generate_image();
	exit;
}

// Admin language packs for the configured language. $_CFG['lang'] comes from
// load_config(), not from the request (presumably the shop configuration --
// verify). The two shared packs are mandatory; a per-script pack named after
// the running script is optional.
$ecs_admin_lang_dir = ROOT_PATH . 'languages/' . $_CFG['lang'] . '/admin/';
require($ecs_admin_lang_dir . 'common.php');
require($ecs_admin_lang_dir . 'log_action.php');

// basename() confines the include to a single file name inside the language
// directory even if PHP_SELF carried extra path components.
$ecs_admin_script_lang = $ecs_admin_lang_dir . basename(PHP_SELF);
if (file_exists($ecs_admin_script_lang))
{
	include($ecs_admin_script_lang);
}
unset($ecs_admin_lang_dir, $ecs_admin_script_lang);

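// Template cache directories, created world-writable so the web server user
// can write to them on shared hosts.
// NOTE(review): 0777 lets any local user plant files here; if temp/ is
// reachable over HTTP, tighten the mode and deny web access to it.
if (!file_exists('../temp/caches'))
{
	@mkdir('../temp/caches', 0777, true);
	// mkdir's mode is masked by umask, hence the explicit chmod.
	@chmod('../temp/caches', 0777);
}

if (!file_exists('../temp/compiled/admin'))
{
	// Fix: the original issued the same mkdir() twice; the second call was
	// meant to be the chmod() that the caches branch above performs. The
	// recursive flag also creates ../temp/compiled when it is missing.
	@mkdir('../temp/compiled/admin', 0777, true);
	@chmod('../temp/compiled/admin', 0777);
}

clearstatcache();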



// Template engine for the admin templates; compiled templates go to
// temp/compiled/admin (created above).
require(ROOT_PATH . 'includes/cls_template.php');
$smarty = new cls_template();

$smarty->template_dir = ROOT_PATH . ADMIN_PATH . '/templates';
$smarty->compile_dir = ROOT_PATH . 'temp/compiled/admin';

// $_LANG is populated by the language packs required above.
$smarty->assign('lang',$_LANG);
$smarty->assign('help_open',$_CFG['help_open']);



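// Authentication gate. Every action except login / signin / password recovery
// / order check needs an admin session. Without one, fall back to the
// "remember me" cookie pair ECSCP[admin_id] / ECSCP[admin_pass]; if that is
// absent or invalid, AJAX callers get a JSON error and everyone else is sent
// to the login page.
if ((!isset($_SESSION['admin_id']) || intval($_SESSION['admin_id']) <= 0) && $_REQUEST['act'] != 'login' && $_REQUEST['act'] != 'signin'
	&& $_REQUEST['act'] != 'forget_pwd' && $_REQUEST['act'] != 'reset_pwd' && $_REQUEST['act'] != 'check_order')
{
	if (!empty($_COOKIE['ECSCP']['admin_id']) && !empty($_COOKIE['ECSCP']['admin_pass']))
	{
		// intval() is the only sanitisation admin_id receives before the query.
		$sql = 'SELECT user_id,user_name,password,action_list,last_login ' .
				' FROM ' . $ecs->table('admin_user') .
				" WHERE user_id = '" . intval($_COOKIE['ECSCP']['admin_id']) . "'";
		$row = $db->getRow($sql);

		// The cookie token is md5(<stored password hash> . <site hash_code>).
		// NOTE(review): that token is static -- it never expires and can only
		// be revoked by changing the password or hash_code.
		// Fix: compare as strings and in constant time. The original used
		// '==', which type-juggles two numeric-looking strings (e.g. "0e..."
		// digests) and leaks timing; a non-string cookie value now simply fails.
		$cookie_valid = false;
		if ($row)
		{
			$given_token = $_COOKIE['ECSCP']['admin_pass'];
			$expected_token = md5($row['password'] . $_CFG['hash_code']);
			if (is_string($given_token))
			{
				$cookie_valid = function_exists('hash_equals')
					? hash_equals($expected_token, $given_token)
					: ($expected_token === $given_token);
			}
			unset($given_token, $expected_token);
		}

		if ($cookie_valid)
		{
			// NOTE(review): the SELECT above returns last_login, not last_time,
			// so this is always '' -- probably meant $row['last_login']; confirm
			// against set_admin_session() before changing.
			if (!isset($row['last_time']))
			{
				$row['last_time'] = '';
			}
			set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time']);
			// NOTE(review): real_ip() is interpolated into SQL unescaped;
			// assumes it returns a validated address -- confirm.
			$db->query('UPDATE ' . $ecs->table('admin_user') .
						" SET last_login = '" . gmtime() . "',last_ip = '" . real_ip() . "'" .
						" WHERE user_id = '" . $_SESSION['admin_id'] . "'");
		}
		else
		{
			// Unknown user id or token mismatch.
			// Fix: the original passed the cookie VALUES as the cookie NAMES to
			// setcookie(), so a stale or forged remember-me cookie was never
			// cleared. Assumes the cookies were set with the default path --
			// confirm against the login code.
			setcookie('ECSCP[admin_id]', '', 1);
			setcookie('ECSCP[admin_pass]', '', 1);

			if (!empty($_REQUEST['is_ajax']))
			{
				make_json_error($_LANG['priv_error']);
			}
			else
			{
				ecs_header("Location: privilege.php?act=login\n");
			}
			exit;
		}
	}
	else
	{
		// No session and no remember-me cookie.
		if (!empty($_REQUEST['is_ajax']))
		{
			make_json_error($_LANG['priv_error']);
		}
		else
		{
			ecs_header("Location: privilege.php?act=login\n");
		}
		exit;
	}
}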
	
// Referer check for all protected actions: when a Referer header is present
// it must contain the admin URL (port numbers stripped from both sides).
// NOTE(review): this is a weak CSRF defence. A request with no Referer at all
// passes, and strpos(...) !== false is a substring match, so a referer such
// as http://evil.example/?http://shop/admin also passes. A prefix match
// (=== 0) or, better, a per-session CSRF token on state-changing actions
// would be needed; left unchanged here because the exact form returned by
// $ecs->url() is not visible in this file.
if($_REQUEST['act'] != 'login' && $_REQUEST['act'] != 'signin' && $_REQUEST['act'] != 'forget_pwd' && $_REQUEST['act'] != 'reset_pwd' && $_REQUEST['act'] != 'check_order')
{
	$admin_path = preg_replace('/:\d+/', '', $ecs->url()) .ADMIN_PATH;
	if(!empty($_SERVER['HTTP_REFERER']) && strpos(preg_replace('/:\d+/', '', $_SERVER['HTTP_REFERER']), $admin_path) === false)
	{
		if(!empty($_REQUEST['is_ajax']))
		{
			make_json_error($_LANG['priv_error']);
			
		}
		else {
			ecs_header("Location:privilege.php?act=login\n");
		}
		
		exit;
	}
}

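// Response headers: declare the charset and forbid caching of admin pages.
header('content-type:text/html;charset=' . EC_CHARSET);
// Fix: the header is "Expires" -- the original sent a misspelled "Expire:"
// with a malformed date, which clients ignore. A date in the past marks the
// response as already stale. Last-Modified is likewise emitted in RFC 7231
// date format.
header('Expires: Fri, 14 Mar 1980 20:53:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache,must-revalidate');
header('Pragma:no-cache');

// Buffer all output, gzip-compressed when the site and client allow it.
if (gzip_enabled())
{
	ob_start('ob_gzhandler');
}
else
{
	ob_start();
}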




